Federal Deposit Insurance Corporation Funds' 2004 and 2003 Financial Statements
GAO-05-281, Feb 11, 2005
GAO is required to annually audit the financial statements of the Bank Insurance Fund (BIF), Savings Association Insurance Fund (SAIF), and FSLIC Resolution Fund (FRF), which are administered by the Federal Deposit Insurance Corporation (FDIC). GAO is responsible for obtaining reasonable assurance about whether FDIC's financial statements for BIF, SAIF, and FRF are presented fairly in all material respects, in conformity with U.S. generally accepted accounting principles, and whether FDIC maintained effective internal control over financial reporting and compliance. Also, GAO is responsible for testing FDIC's compliance with selected laws and regulations. Created in 1933 to insure bank deposits and promote sound banking practices, FDIC plays an important role in maintaining public confidence in the nation's financial system. In 1989, legislation to reform the federal deposit insurance system created three funds to be administered by FDIC: BIF and SAIF, which protect bank and savings deposits, and FRF, which was created to close out the business of the former Federal Savings and Loan Insurance Corporation.
In GAO's opinion, FDIC fairly presented the 2004 and 2003 financial statements for the three funds it administers--the Bank Insurance Fund, the Savings Association Insurance Fund, and the FSLIC Resolution Fund. GAO also found that FDIC had effective internal control over financial reporting and compliance for each fund. GAO did not find reportable instances of noncompliance with the laws and regulations it tested. In prior years, GAO reported on weaknesses in FDIC's information system controls, which were described as a reportable condition. Specifically, FDIC had not adequately restricted access to critical financial programs and data, provided sufficient network security, or established a comprehensive program to monitor access activities. A primary reason for FDIC's information system control weaknesses was that the corporation had not established a comprehensive information security program to manage computer security. During the past several years, FDIC has made progress in correcting information system control weaknesses, and in 2004, FDIC made substantial progress in correcting most of the weaknesses that GAO identified in prior years, including taking steps to fully establish a comprehensive information security program. These improvements, combined with the progress reported last year, enabled GAO to conclude that the remaining issues related to information system controls no longer constitute a reportable condition. FDIC's implementation of new financial systems in the coming year will significantly change its information systems environment and the related information systems controls necessary for their effective operation. Consequently, continued management commitment to an effective information security program will be essential to ensure that the corporation's financial and sensitive information will be adequately protected in this new environment. GAO did not identify any reportable conditions during its 2004 audits. However, GAO noted other less significant matters involving FDIC's internal controls, including information system controls. GAO will be reporting separately to FDIC management on these matters.